Security expert calls for IP address ranges of criminal providers to be sent direct to the police
A new RIPE working group called Cooperation is investigating how to improve cooperation between IP address administrators and crime-prosecuting authorities. The working group was formed during this week's Réseaux IP Européens conference in Dubai. In view of strong demand from the authorities, Paul Hoare of the Serious Organized Crime Agency (SOCA) called upon RIPE members at the first session to consider the possibility of sending criminal providers' IP addresses directly to the authorities.
Given such information, the authorities could quickly take over the corresponding address ranges and divert routing appropriately. Hoare conceded to heise online that some of the data traffic would certainly remain within the criminal network, but some of the traffic could indeed be diverted, hampering the criminals' activities to some extent.
Hoare derived his recommendations (PowerPoint file) from his own experience of the notorious Russian Business Network (RBN). As a RIPE member, he said, RBN had obtained an address range and then used it to host various criminal activities. Hoare gave a breakdown by category of SOCA's observations of criminal activities over a small range of RBN addresses. Distributing malware made up 55%, marketing child pornography 33.5% and hosting botnets 0.3%.
The crime-prosecuting authorities are hoping that getting the cooperation of address administrators will yield quick results for their "cases". A representative of the FBI who came to the RIPE session confirmed that taking the route of requesting judicial assistance (sending "letters of request") could take a very, very long time. Taking the direct route to his colleagues in the Dutch police would be better, he said. The Dutch police are in fact responsible for the RIPE NCC, which has its head office in the Netherlands.
These suggestions met with some scepticism from the RIPE members and from the full-time address administrators in Amsterdam. Malcolm Hutty of the London Internet Exchange (LINX) warned that any possible direct measures taken by the RIPE NCC could lead to problems in intergovernmental relations. Representatives of several big British providers of online games, which are legal in the UK, said they would then have to fear for their address resources, since gambling is considered illegal elsewhere.
Various representatives of the RIPE NCC warned against the address administrators becoming judges and sheriffs at the same time. As long as a member was paying his bills and the address administrators had no indications that criminal activities were being carried out with his addresses, taking steps against him would be difficult. In the case of the RIPE member acting for the RBN, said RIPE NCC Managing Director Axel Pawlik, as far as the authorities knew no relevant information had been received from the authorities.
Experts on address administration also pointed out that removing allocated address blocks from the RIPE database would not initially have any effect on the routing of addresses. The option of declaring certificates associated with address resources invalid, however, might open up a future possibility for address administrators to influence the routing of addresses directly. Ultimately, they said, the decision is in the hands of the providers in this case as well: only if the providers adopted certified status for their routing would direct intervention be possible. Sceptical observers at the RIPE meeting in Dubai warned of the possible consequences.
The few representatives of officialdom present in Dubai are hoping for satisfactory cooperation – and not only with the IP address administrators. At next year's ICANN meeting, representatives of crime-prosecuting authorities want a second opportunity to exchange views with that community. That meeting will probably be held behind closed doors and with an increased attendance.
(Monika Ermert)